The challenge of identifying or authenticating a person on a local computer, or on the other end of a communication session, or in the role of the sender of a message, is a recurring theme in e-business. A typical solution uses user authentication methods based at least in part on passwords or PINs (personal identification numbers). A password or PIN is a word or code used as a security measure against unauthorized access to data. Typically, a user obtains a PIN as part of an enrollment process with a service provider. In this enrollment process, the service provider assesses user-supplied information and decides whether to provide the service to the user. If the service provider decides to provide service, the service provider issues a PIN to the user.
After enrolling with the service provider, the user uses the PIN to obtain access to the service. The user interface in this case consists of a prompt for a PIN. The user is typically allowed a fixed number of unsuccessful PIN attempts before user access is blocked.
A PIN or password is typically the primary means by which an individual user indicates authorization based at least in part on an intelligent thought process performed by the user. The user must recall the PIN from the user's memory and enter the digits corresponding to the PIN to obtain access to a service. PINs are often difficult to remember, especially when a user uses more than one PIN to access different services. A user may create a written copy of the PIN or PINs in an attempt to remember them. However, such a practice degrades security because the paper containing the PIN or PINs can be stolen or forwarded freely. Thus, static PIN-based user authentication mechanisms alone provide a relatively low level of security.
An improved form of user authentication is made possible by using a smart card or a magnetic stripe card in conjunction with a PIN. This is sometimes referred to as “two-factor” user authentication, combining “what you have” (the physical card) with “what you know” (the password needed to use the card). Because both possession of the card and knowledge of the PIN are required, two-factor user authentication can provide a higher level of security than user authentication based at least in part on a PIN or on a card alone.
FIG. 1 is a block diagram that illustrates a typical mechanism for PIN management using a magnetic stripe card. A service provider 150 maintains a centralized cardholder database 110 that includes a primary account number (PAN) and an associated PIN for each cardholder. A cryptographic algorithm is typically used to generate the PIN based at least in part on a cryptographic key 140, the PAN 120 and possibly other data 135. The PAN for a user 100 is written on a magnetic strip card 105 and the card 105 is provided to the user 100. The user 100 gains access to the account associated with a card 105 by presenting the card 105 to a card reader or card acceptance device (CAD) 155 in communication with the centralized cardholder database 110 and by entering a PIN 145. The CAD 155 may be implemented in a PC or as a standalone device. The centralized cardholder database 110 grants user 100 access to the account if the PAN on the card 105 matches a PAN 120 in the database 110 and if the PIN 145 entered by the user 100 matches the PIN 125 that is associated with the PAN 120 in the database 110.
FIG. 2 is a block diagram that illustrates a typical mechanism for personal identification number (PIN) management using a smart card. Unlike a magnetic strip card, a smart card may include a CPU (central processing unit). Such a smart card can process data such as a PIN locally on the card. This processing may include PIN verification. Once a user is authenticated to the card, the card can be used to obtain access to a service. As shown in FIG. 2, smart card 205 includes multiple vendor applications (235, 240, 290), each of which may use the same PIN to control access to a service. Smart card 205 also includes an applet 215 provided by the card issuer. The issuer applet 215 includes PIN comparator 220 that compares PIN 270 entered by a user 200 with a validated PIN 230. Typically, PIN comparator 220 allows a fixed number of unsuccessful PIN tries before access is blocked. This is illustrated below with reference to FIG. 3. Once access is blocked, user 200 must present the card 205 to service provider 280. Service provider 280 maintains information about the smart card 205 that allows the smart card 205 to be reset. In one solution, service provider 280 maintains a “super PIN” that allows the smart card 205 to be reset based at least in part on cryptographic protocols.
Turning now to FIG. 3, a flow diagram that illustrates a method for personal identification number (PIN) management is presented. At 300, a PIN from a user is received. At 305, a determination is made regarding whether a try counter has exceeded a maximum number of try attempts. If the maximum number of try attempts has been exceeded, the card is set to block at 310. If the maximum number of try attempts has not been exceeded, the try counter is incremented at 315 and a determination regarding whether the user-entered PIN matches a validated PIN is made. If the user-entered PIN matches the stored PIN, access is allowed at 325. If the user-entered PIN does not match the validated PIN, additional PIN tries are accepted beginning at 300. This process continues until the maximum number of try attempts has been exceeded.
Unfortunately, maintaining a PIN in a centralized database 105 that is beyond user control makes PINs vulnerable to misuse by a service provider 150. It also makes the PIN vulnerable to attack by rogue software running on the service provider's system.
Cryptographic devices such as smart cards use a secret key to process input information and/or to produce output information. Security protocol designs typically assume that input and output messages are available to attackers, but that other information about the keys is not available. However, side-channel attacks can be used to obtain secret keys and other information stored on a smart card. A side-channel attack employs methods that have little to do with the security concepts underlying a system. For example, encryption focuses on key size and symmetric or public, strong algorithms to protect against brute-force attacks. While these attacks need to be addressed, a cryptographic system can be attacked in other way, from a totally different direction, addressing not the concept but the implementation as well as other parts of the overall system. Looking over a person's shoulder while typing a message that is destined to be encrypted, is one trivial example.
Side-channel attacks against smart cards focus on the processing performed by the card, rather than on the normal communications interface with the smart card. The data analyzed in such attacks may include measurements of power consumption, electromagnetic radiation and processing time. Integrated circuits such as those found in smart cards are built out of individual transistors that act as voltage-controlled switches. Current flows across the transistor substrate when charge is applied to or removed from the gate. This current then delivers charge to the gates of other transistors, interconnect wires, and other circuit loads. The motion of electric charge consumes power and produces electromagnetic radiation, both of which are externally detectable. Therefore, individual transistors produce externally observable electrical behavior. Because microprocessor logic units exhibit regular transistor switching patterns, it is relatively easy to identify macro-characteristics (such as microprocessor activity) by detailed monitoring of power consumption.
In Simple Power Analysis (SPA) attacks, an attacker directly observes a system's power consumption. The amount of power consumed varies depending on the microprocessor instruction performed. At high magnification, individual instructions can be differentiated.
Differential Power Analysis (DPA) is a much more powerful side-channel attack than SPA, and is relatively difficult to prevent. While SPA attacks use primarily visual inspection to identify relevant power fluctuations, DPA attacks use statistical analysis and error correction techniques to extract information correlated to secret keys.
Implementation of a DPA attack involves two phases: Data collection and data analysis. Data collection for DPA may be performed by detailed sampling of a device's power consumption during cryptographic operations as a function of time. Multiple cryptographic operations suspected of using the target key are observed. While the effects of a single transistor switching would be normally be impossible to identify from direct observations of a device's power consumption, the statistical operations used in DPA are able to reliably identify relatively small differences in power consumption.
An improvement is made possible by storing secret information such as PINs in encrypted form. However, the encrypted PIN must be decrypted before in order to compare the decrypted PIN with a user-entered PIN, thus making the decrypted PIN susceptible to side-channel attacks.
A device may be made less susceptible to side-channel attacks by reducing signal sizes, such as by using constant execution path code, choosing operations that leak less information in their power consumption and by physically shielding the device. Unfortunately, such signal size reduction generally cannot reduce the signal size to zero, as an attacker with a sufficiently large number of samples will still be able to perform side-channel attack analysis on the (heavily degraded) signal. Additionally, aggressive shielding can make attacks infeasible. However, such shielding adds significantly to a device's cost and size.
Introducing noise into power consumption measurements may also lessen side-channel attack susceptibility. This may be done by executing random code segments. Like signal size reductions, adding noise increases the number of samples required for an attack, possibly to an infeasibly large number. In addition, execution timing and order can be randomized. However, such modifications typically decrease execution efficiency and make the software code relatively complex, complicating code verification.
Smart cards are also susceptible to card tear. The term “card tear” refers to the removal of a smart card from a CAD before a transaction is complete. In one instance, a card is removed from a CAD before a user authentication transaction is complete (before the user has authenticated himself or herself to the card). In this case, the card is removed after a PIN has been entered but before the card has recorded the result of comparing the entered PIN with a valid PIN stored on the card. This technique typically prevents the card from becoming blocked, thus increasing the possible number of PIN comparison operations and increasing the amount of information susceptible to side channel attacks.
Accordingly, what is needed is a relatively secure user authentication solution that provides relatively limited access to an individual's PIN. Another need exists for such a solution that is relatively inexpensive. Yet a further need exists for such a solution that is relatively insensitive to side-channel attacks. Yet a further need exists for such a solution that is relatively efficient and verifiable.